<?php
if(!isset($_POST['submit']))
{
	//This page should not be accessed directly. Need to submit the form.
	echo "error; you need to submit the form!";
}
$vorname = $_POST['Vorname'];
$nachname = $_POST['Nachname'];
$adresse = $_POST['Adresse'];
$visitor_email = $_POST['Email'];
$visitor_tel = $_POST['Telefon'];
$message = $_POST['Nachricht'];


//Validate first
if(empty($vorname)||empty($nachname)||empty($visitor_tel)||empty($visitor_email)||empty($adresse)||empty($message)) 
{
    echo "Name and email are mandatory!";
    exit;
}

if(IsInjected($visitor_email))
{
    echo "Bad email value!";
    exit;
}

$email_from = 'info@muff-gartenbau.ch';//<== update the email address
$email_subject = "Neue Nachricht von muff-gartenbau.ch";
$email_body = "Du hast eine neue Nachricht erhalten von:\n\n";
$email_body .= 	"Vorname:\t$vorname\n";
$email_body .= 	"Nachname:\t$nachname\n";
$email_body .= 	"Adresse:\t$adresse\n";
$email_body .= 	"Telefon:\t$visitor_tel\n";
$email_body .= 	"Email:\t$visitor_email\n\n";
$email_body .=  "Nachricht:\n$message".
    
$to = "marc.bucher@gmail.com";//<== update the email address
$headers = "From: $email_from \r\n";
$headers .= "Reply-To: $visitor_email \r\n";
//Send the email!
mail($to,$email_subject,$email_body,$headers);
//done. redirect to thank-you page.
header('Location: danke.html');


// Function to validate against any email injection attempts
function IsInjected($str)
{
  $injections = array('(\n+)',
              '(\r+)',
              '(\t+)',
              '(%0A+)',
              '(%0D+)',
              '(%08+)',
              '(%09+)'
              );
  $inject = join('|', $injections);
  $inject = "/$inject/i";
  if(preg_match($inject,$str))
    {
    return true;
  }
  else
    {
    return false;
  }
}
   
?>